The recent Tesla “brake failure” incident has become the focus of public opinion, and the subsequent release of Tesla’s accident vehicle driving data has brought to the forefront the key issue of the digital economy – user personal privacy.
In the general environment of the new crown epidemic, people have become more dependent on the Internet in their daily lives, and many companies that were once not involved in online business have been forced to expand into new channels through online.
People interact with different platforms, businesses, and applications to generate a lot of data, and algorithms use the data to meet user needs more precisely.
As technology advances and the business paradigm shifts, the ways to cash in on data leap geometrically, making data the largest market of the 21st century. The one who gets the data gets the world. However, data without privacy protection is like gold sprinkled everywhere, and the major Internet platforms are greedily devouring and misusing these valuable “raw materials” that they do not own.
This is an issue that cannot be ignored.
When it comes to data privacy, the first reaction of most users is: I don’t want to provide private information, but I can’t help but provide it.
Indeed, the essence of Internet applications in the Web 2.0 world today is that users exchange personal data for services. To put it nicely, how can your take-out be delivered to your home without providing information? How can applications serve you in a more comprehensive way without providing information? Forced to do nothing, you can only choose to run naked in the Internet.
What’s more frightening is that everything is being connected, Internet applications are no longer limited to your computer and cell phone, slowly everything around you that you can see and touch will become an application that constantly obtains data, then, the user will no longer be active and selective in providing data, but passive “monitoring”.
The ownership of the data should belong to the data producer rather than the data user (application service provider), and the service provider should not use the user data for rent-seeking behavior.
Is there a privacy solution for the Web 2.0 world?
Not enough technology, manual remedies. For years, when technology didn’t allow, manual remediation was the only compromise, and this is true for all issues, including privacy.
The solution to the privacy problem in the Web 2.0 era is to improve legislation.
All countries have established and legislated for data privacy protection. In China, the civil law protects data rights, the criminal law characterizes crimes against personal information, the economic law regulates the flow of data sharing, and the State Administration of Market Supervision and Administration has issued anti-monopoly guidelines for the platform economy.
But can these acts really guarantee user privacy? Can user data really be protected from misuse?
The answer is no.
In December last year, it was revealed that “celebrity health photos were leaked”. In a group of people who took photos on behalf of the celebrities, it was possible to buy one celebrity’s health photos for 1 yuan at first, and then it was possible to package 7 people’s health photos of “tnt Time Youth Group” for 3 yuan, and then it was possible to package more than 70 artists’ health photos for 2 yuan, and more than 1,000 artists’ ID numbers were sold for only The company’s website is a good example of how to get the most out of your website. Not only can you search for these information of celebrities, just search for the name and it will show the avatar and nucleic acid test information of the person.
Even in a takeaway platform, the same order, the same merchant, the same delivery address, the same time period, but members than non-members spend more, the platform uses big data to different groups of differential pricing, rent-seeking cases are common.
What is the problem? Unclear legislation, asymmetric information, insufficient punishment, ultimately leading to difficult to find, difficult to prove, difficult to identify, the platform desperate to take risks.
There will always be flaws in the mechanism, there will always be dead ends in the law, and manual control is not a long-term solution.
Web 3.0 world returns privacy to users
Imagine if the user does not need to provide any information, or rather, the platform does not get any information about you, but can still provide you with services as usual?
It all sounds amazing, but it’s really all math. Yes, zero-knowledge proofs can make it all happen.
A zero-knowledge proof is a cryptographic protocol in which the prover is able to convince the verifier that an assertion is correct without providing the verifier with any information about the message being proven.
You can understand intuitively what zero-knowledge proofs are after reading the following short story about Alibaba.
Ali Baba encountered a robber who wanted to get the spell to enter the cave from his mouth, but Ali Baba was afraid that the robber would not give him a chance to live after learning the spell. Ali Baba thought to himself, how can he prove the fact that he knows the spell without revealing the spell?
Ali Baba had a plan in mind. Ali Baba let the robber far enough away from him, so far that he could not hear the incantation. When the robber raises his left hand, Ali Baba will let the cave door open, and when the robber raises his right hand, Ali Baba will not recite the incantation. After repeatedly verifying the validity, the robbers decided that Ali Baba did know the incantation to open the cave. Alibaba also proves to the robbers the objective fact that he knows the incantation without revealing the incantation itself.
In real life, the user is the prover and the service provider is the verifier. Thus, by proving zero knowledge the user can allow the service provider to still provide the service without leaving any extractable traces in the data.
There are already many applications on the chain that use zero-knowledge proofs, most typically the well-known anonymous coin Zcash, which allows users to transfer funds with fully encrypted information and guarantees the verifiability of transactions for nodes to verify through zk-SNARKs (Simple Non-Interactive Zero-Knowledge Proofs) consensus proofs. Specifically, Zcash addresses are divided into hidden addresses (z-addresses) and transparent addresses (t-addresses), and transactions between hidden addresses will also appear on the chain. . The owner of the address also has the option to disclose the hidden address and transaction details to a trusted third party to address audit and regulatory needs. Transactions between two transparent addresses are no different than bitcoin transactions, and funds can be transferred between the hidden and transparent addresses.
Again, back to the recent case of Tesla releasing its driving data to the public. Tesla released accident vehicle data to the public without the user’s permission in order to prove its innocence. If the information is encrypted by zero-knowledge proof and transmitted to the Tesla algorithm protocol, Tesla will not have access to the metadata, and if Tesla wants to use the user data, it needs to get the user’s permission in advance. After an accident, if the judiciary needs data forensics, the encrypted information can be made public if the user is willing to cooperate with the investigation.
Imagine a future where, with the help of zero-knowledge proof, users can prove their health without having to provide their names, photos, or whereabouts, or where users can prove that they are immune to a new coronavirus without having to provide how they became immune to the virus (having developed antibodies or having been vaccinated). Perhaps one day people will be able to order take-out without having to provide their name, phone number, or address to the platform, and a robot will deliver it to their doorstep.
Zero-knowledge proof is not new. The theory of “interactive zero-knowledge proof” was proposed by Goldwasser et al. in the early 1980s, and the concept of “non-interactive zero-knowledge proof” was further developed by Blum et al. in the late 1980s. But why do Internet platforms not adopt this technology today?
First of all, from a technical point of view, any innovation from theory to practice requires decades of effort and precipitation, and it is only in recent years that zero-knowledge proofs have really become a technology that can be applied. However, compared with traditional solutions, the cost of using zero-knowledge proof is still too high and inefficient, which is unacceptable for both platforms and users.
On an economic level, users have formed a solidified mindset that they must provide information in order to receive services, and it is now logical for platforms to obtain information. In front of huge interests, it is difficult for the platform giants to make compromises. From a user perspective, most users are not yet aware of the importance of privacy and the value of the data they generate, so users do not have a strong will to push for privacy solutions.
From a technology solution perspective, Aleo is a good example of an enabler, starting with on-chain applications, lowering the threshold for privacy application development and cost of use, and making privacy the default attribute of the application. This is significant in terms of getting privacy apps used at scale, as the Cosmos SDK and Substrate have done in driving the app chain paradigm.
However, user education is perhaps the most important of all issues. If users do not appreciate the importance of privacy, they will always be under the control of Web 2.0 platforms and any extra cost will be rebuffed. Users need to understand that ultimately the platform is only the provider of the algorithm, not the owner of the data, and has no right to misuse user data.
Posted by:CoinYuppie，Reprinted with attribution to:https://coinyuppie.com/those-internet-majors-dont-want-you-to-know-the-data-privacy-protection-scheme/
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.